Data privacy statement
Last updated 9.05.2023
Introduction and overview
Data privacy is very important to us.
​
We have created this privacy statement in order to clearly explain to you, in accordance with the requirements of the General Data Protection Regulation (GDPR) and based on the applicable national laws, which personal data (data for short) we process as the responsible party and any processors (e.g. providers) commissioned by us and may also process in the future.
We highlight what rights you have in this regard and how you can assert them.
We try to present both legal and technical terms in clear and simple language. The terms used are to be understood as gender-neutral.
We hope you find the following explanations interesting and informative. If you nevertheless have any further questions, please contact the responsible office mentioned below and also in the imprint. You can also follow the links to third-party sites within this privacy policy for further information.
​
Name and contact information of the person responsible
If you have any questions about data privacy or data processing, you can contact the responsible person or office:
​Christoph Kral MA MSc
culturehack e.U.
Musketierweg 40A /Haus 1
1220 Vienna
Austria
Email: christoph.kral(AT)culturehack.eu
Phone: +43 664 6144463
Imprint: https://www.culturehack.eu/impressum
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
​
Purpose and legal basis of processing
In the following privacy policy, we provide you with transparent information on the legal principles and regulations on the basis of which the processing of personal data is enabled.
You can read Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data in the EUR-Lex legal information system.
You can find this regulation there under the following link:
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679&tid=111898359
​
Consent (Art. 6 para. 1 lit. a GDPR)
In this case, you have given us your consent to process your personal data for a specific purpose.
Example: Entering your personal data and then sending it in our contact form.
​
Contract (Art. 6 para. 1 lit. b GDPR)
In this case, we or a processor process your personal data to fulfill a contract or a pre-contractual obligation.
Example: For us to conclude a contract with each other, we need personal information in advance.
​
Legal obligation (Art. 6 para. 1 lit. c GDPR)
In this case, we are subject to a legal obligation to process your personal data.
Example: When issuing an invoice, we are obliged to keep it in accordance with the Regulation. Invoices often contain personal information.
​
Legitimate interests (Art. 6 para. 1 lit. f GDPR)
In the case of legitimate interests, we reserve the right to process personal data, provided that your interests regarding fundamental rights and freedoms do not prevail.
Example: Processing of personal data to enable secure and economic operation of the website.
​
National regulations
In addition to the regulations of the General Data Protection Regulation (GDPR), additional national regulations still apply in the individual states.
In Austria, the Data Protection Act (Datenschutzgesetz, DSG) additionally applies to the protection of personal data for natural persons and legal entities. The latest version of this law is published in the legal information system of the Republic of Austria:
In Germany, the Federal Data Protection Act (BDSG) applies to the protection of personal data.
​
Retention period of personal data
We only store personal data for as long as it is necessary for the provision of our services and products or for as long as there is a legal obligation to do so.
This means that the personal data will be deleted as soon as the legal bases listed above are no longer fulfilled.
​
Your rights under the General Data Protection Regulation
Chapter 3 in Articles 12 to 23 of the GDPR lists the rights of data subjects with regard to the processing of personal data. We would like to outline these briefly and concisely in the following sections.
​
Right of information (Art. 15 GDPR)
You have the right to request confirmation from the controller as to whether personal data concerning you are being processed.
If this is the case, you have a right to the following information:
-
For what purpose the processing takes place.
-
What type of data (so-called categories) are being processed.
-
Who receives this data.
-
Whether this data is transferred to third countries.
-
How long this data will be stored.
-
That you have a right to rectification, deletion, restriction or even objection to this processing.
-
That you have a right to complain to a supervisory authority.
-
Where the data comes from, if we have not obtained it directly from you.
-
Whether this data is automatically analyzed to create a personal profile of you (Profiling).
Furthermore, you have the right to receive a copy of the personal data processed about you.
If no personal data is processed from you, then you will receive information that no personal data is processed from you.
​
Right of rectification (Art. 16 GDPR)
You have the right to require us to correct or complete your personal information if you discover an error.
​
Right of deletion (Art. 17 GDPR)
You have the right to request deletion of your personal data. ("Right to be forgotten")
​
Right of restriction of processing (Art. 18 GDPR)
You have the right to request a restriction of the processing of your personal data. This means that this data may only be stored, but no longer processed.
​
Right of data portability (Art. 20 GDPR)
The right to data portability means that we will provide you with your personal data in a common format upon request.
​
Right to object (Art. 21 GDPR)
If the processing of your personal data is based on Article 6 para. 1 lit. e (task in the public interest, exercise of official authority) or Article 6 para. 1 lit. f (legitimate interest), you may object to the processing.
If your personal data is used for direct marketing, then you can object to this type of processing at any time. This means that we may no longer use your data for direct marketing.
If your personal data is used for profiling, then you can object to this type of processing at any time. This means that we may no longer use your data for profiling.
​
Right in case of automated decisions (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling. This applies particularly if this decision has a legal effect or similarly significantly affects you.
​
Right to complain (Art. 77 GDPR)
You have the right to complain to a supervisory authority. This may be the authority at your place of residence, your place of work or the authority at the place of the suspected violation.
In Austria, you can contact the Data Protection Authority (DPA) in case of complaints. This is also responsible for our company.
Austrian Data Protection Authority
Barrichgasse 40-42
1030 Wien
Österreich
Email: dsb@dsb.gv.at
Phone: +43 1 52152-0
Internet: https://www.dsb.gv.at
In Germany, the federal states have their own data protection authorities. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
The Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Straße 153
53117 Bonn
Deutschland
Email: poststelle@bfdi.bund.de
Phone: +49 (228) 997799-0
Internet: https://www.bfdi.bund.de
​
Information on data processing
In the following, we would like to inform you about the possible data processing according to Art. 13 GDPR.
​
Communication
If you contact us and communicate with us by phone, email or via online forms, then personal data may be processed.
This data is processed in the context of handling and processing your contact and the related business transaction.
The data will be stored in accordance with the above legal basis or for as long as we are required to do so by law.
​
Phone
When you call us, the call data is stored both on the respective end device and with the telecommunications provider.
Furthermore, data such as name, telephone number and address information can subsequently be sent by email and stored for the purpose of responding to your inquiry.
The data will be deleted as soon as the above-mentioned legal basis no longer exists and the legal requirements allow it.
​
Wenn Sie mit uns über Email kommunizieren, werden Ihre Daten gegebenenfalls auf dem jeweiligen Endgerät (Computer, Notebook, Tablet, Smartphone, ...) und auch auf dem Email Server gespeichert.
Die Daten werden gelöscht, sobald die oben angeführten Rechtsgrundlagen nicht mehr vorliegen und es die gesetzlichen Vorgaben erlauben.
​
Online Forms
If you communicate with us via email, your data may be stored on the respective end device (computer, notebook, tablet, smartphone, ...) and also on the email server.
The data will be deleted as soon as the legal bases listed above no longer exist and the legal requirements allow it.
​
Persons impacted
All those who contact us via the communication channels provided by us are affected by the above-mentioned processes.
​
Legal grounds
We process your data based on the following legal bases:
Consent (Art. 6 para. 1 lit. a GDPR): In this case, you have given us your consent to process your personal data for a specific purpose.
Contract (Art. 6 para. 1 lit. b GDPR): In this case, we or a processor process your personal data to fulfill a contract or a pre-contractual obligation.
Legal obligation (Art. 6 para. 1 lit. c GDPR): In this case, we are subject to a legal obligation to process your personal data.
Legitimate interests (Art. 6 para. 1 lit. f GDPR): In the case of legitimate interests, we reserve the right to process personal data, provided that your interests regarding fundamental rights and freedoms do not prevail here.
​
Website
For our website we use a website building system from the company Wix.com Ltd based in Israel.
With a modular system, website owners can create and operate websites very easily and without programming knowledge.
By using a building block system, personal data such as IP address, geographical location data of you may be collected, stored and processed when you visit our website.
In addition, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are usually collected. Furthermore, tracking data such as browser activity, clickstream activity, session heatmaps, etc. may also be collected.
The privacy policy of Wix.com Ltd can be found at https://www.wix.com/about/privacy.
​
Persons impacted
When you visit our website, your data is stored on our web server.
​
Legal grounds
We have a legitimate interest in using a website construction kit system to optimize our online services and to present them in an appealing and efficient manner for you.
The corresponding legal basis is Legitimate Interest pursuant to Art. 6 para. 1 lit. f GDPR.
Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent.
This applies in particular to tracking activities. The legal basis in this respect is consent pursuant to Art. 6 para. 1 lit. a GDPR.
​
Cookies
Unsere Website verwendet so genannte Cookies.
Dabei handelt es sich um kleine Textdateien, die mit Hilfe des Browsers auf Ihrem Endgerät abgelegt werden. Sie richten keinen Schaden an.
Wir nutzen Cookies dazu, unser Angebot nutzerfreundlich zu gestalten.
Einige Cookies bleiben auf Ihrem Endgerät gespeichert, bis Sie diese löschen. Sie ermöglichen es uns, Ihren Browser beim nächsten Besuch wiederzuerkennen. Wenn Sie dies nicht wünschen, so können Sie Ihren Browser so einrichten, dass er Sie über das Setzen von Cookies informiert und Sie dies nur im Einzelfall erlauben.
Bei der Deaktivierung von Cookies kann die Funktionalität unserer Website eingeschränkt sein.
​
Cookie List
Service provider: Wix.com, Inc. https://www.wix.com
Data privacy policy: https://de.wix.com/about/privacy
Cookie name: XSRF-TOKEN
Purpose: Used for security reasons
Duration: Session
Cookie type: Essential
Cookie name: hs
Purpose: Used for security reasons
Duration: Session
Cookie type: Essential
Cookie name: svSession
Purpose: Used in conjunction with user login
Duration: 2 years
Cookie type: Essential
Cookie name: SSR-caching
Purpose: Used to indicate the system from which the website was rendered
Duration: 1 minute
Cookie type: Essential
Cookie name: _wixCIDX
Purpose: Used for system monitoring/troubleshooting.
Duration: 3 months
Cookie type: Essential
Cookie name: _wix_browser_sess
Purpose: Used for system monitoring/troubleshooting.
Duration: Session
Cookie type: Essential
Cookie name: consent-policy
Purpose: Used for the cookie banner parameters
Duration: 12 months
Cookie type: Essential
Cookie name: smSession
Purpose: Used to identify logged in website members.
Duration: Session
Cookie type: Essential
Cookie name: TS*
Purpose: Used for security and anti-fraud purposes
Duration: Session
Cookie type: Essential
Cookie name: bSession
Zweck: Wird für die Messung der Systemeffektivität verwendet
Duration: 30 minutes
Cookie type: Essential
Cookie name: fedops.logger.sessionId
Purpose: Used for measuring system effectiveness.
Duration: 12 months
Cookie type: Essential
Cookie name: wixLanguage
Purpose: Used on multilingual websites to store the user's language
Duration: 12 months
Cookie type: Essential
Service provider: Microsoft Corporation https://www.microsoft.com/
Data privacy policy: https://privacy.microsoft.com/de-de/privacystatement
Cookie name: ClientId
Purpose: Securing the connection
Duration: 24 hours
Cookie type: Essential
Cookie name: OIDC
Purpose: Securing the connection
Duration: 24 hours
Cookie type: Essential
Cookie name: OutlookSession
Purpose: Securing the connection within the page
Duration: Session
Cookie type: Essential
​
Email Marketing (Newsletter)
What is Email Marketing?
To keep you up to date, we also use the possibility of email marketing. This involves sending news or general information about a company, products, or services by email to a specific group of people who are interested in them.
​
Why do we use Email Marketing?
We want to stay in touch with you and always present you with the most important news about our company. For this purpose, we use, among other things, email marketing also referred to as "newsletter" as an essential component. By the term "newsletter" we mean here mainly regularly sent emails.
Therefore, if you have agreed to receive our emails or the newsletter, data from you will also be processed and stored.
Only if we have your consent or it is permitted by law we will send you newsletters, system emails or other notifications by email. We do not want to bother you with our newsletter in any way and therefore we always try to offer only relevant and interesting content. Our intention is that you learn more about our company, our services, or products. We are very eager to continuously improve our various offers and accordingly want to inform you about news or special, lucrative promotions with the help of the newsletter. The purpose of our email marketing is to inform you about new offers and at the same time to get closer to our business goals.
For email marketing, we regularly use service providers with professional mailing tools to provide you with fast and secure newsletters.
To participate in our email marketing, you normally only need to register with your email address. To do this, you fill out an online form and submit it. However, it may also happen that we ask you for your name and title, so that we can write to you personally.
Basically, the registration for our newsletter works with the help of the so-called "double opt-in procedure". After you have registered for our newsletter on our website, you will receive an email via which you confirm the newsletter registration. This ensures that the email address belongs to you and that no one has signed up under someone else's email address.
We or a notification tool we use logs every single subscription. This is necessary so that we can also prove the legally correct registration process. As a rule, the time of registration, the time of the registration confirmation and your IP address are stored. In addition, it is also logged when you make changes to your stored data.
​
Which data is being processed?
When you become a subscriber to our newsletter via our website, you confirm by email that you want to become a member of an email list. In addition to IP address and email address, your title, name, address, and telephone number may also be stored. However, only if you agree to this data storage. The data marked as mandatory are necessary for you to participate in the offered service. Providing this information is voluntary, but not doing so will result in you not being able to use the service.
In addition, information about your device or your preferred content on our website may be stored. We document your declaration of consent so that we can always prove that we have acted in accordance with the legal provisions.
​
Period of data processing?
If you unsubscribe your email address from our email or newsletter distribution list, we may store your address for up to three years based on our legitimate interests so that we can prove your original consent if necessary. We may only process this data if we need to counter any claims against us.
In such a case, if you confirm that you originally gave us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your e-mail address in a blacklist.
As long as you have voluntarily subscribed to our newsletter, we will of course also keep your e-mail address in order to be able to provide the services listed above.
​
Right to object
You have the option to cancel your newsletter subscription at any time. All you must do is revoke your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. Most of the time, you will find a link to cancel your newsletter subscription right at the end of every email. If you really can't find the link in the newsletter, please contact us by email and we will cancel your newsletter subscription immediately.
​
Legal grounds
The sending of our newsletter is based on your consent (Art. 6 para. 1 lit. a GDPR). This means that we may only send you a newsletter if you have actively registered for it beforehand. If necessary, we may also send you advertising messages based on Section 7 (3) UWG or based on legitimate interest according to Art. 6 para. 1 lit. f, if you have become our customer and have not objected to the use of your email address for direct advertising.
​
Newsletter service provider
In accordance with GDPR, we use the services of the European newsletter company Sendinblue, based out of France.
With the help of Sendinblue, we can send you interesting news very easily via newsletter. Sendinblue is a cloud-based newsletter management service. "Cloud-based" means that we don't have to install any software on our own systems, yet we can draw from a pool of useful features.
With Sendinblue we can choose from a wide range of different email types. Depending on what we want to achieve with our newsletter, we can do single campaigns, regular campaigns, autoresponders (automatic emails), A/B tests, RSS campaigns (sending out in predefined time and frequency) and follow up campaigns.
The privacy policy of Sendinblue with its newsletter service under the brand name Brevo can be found at https://www.brevo.com/legal/privacypolicy/.
We have concluded a Data Processing Addendum contract with Sendinblue. This contract serves to safeguard your personal data and ensures that Sendinblue complies with the applicable data protection regulations and does not disclose your personal data to third parties. You can find more information about this contract on https://www.brevo.com/legal/termsofuse/#annex.
​
Data transmission to third party countries
We only transfer or process data in countries outside the EU (third countries) if you consent to this processing in advance if this is required by law or if it is contractually necessary.
In any case, we only process data to the extent that this is generally permitted.
Your consent is in most cases the most important reason for us to have data processed in third countries.
Processing personal data in third party countries such as the United States, where many software vendors offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We explicitly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA.
You can find the ruling on this at https://curia.europa.eu/juris/liste.jsf?language=de&num=C-311/18.
Data processing by US services (e. g. Google Analytics, Mailchimp) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, if you have a corresponding user account.
Where possible, we try to use server locations within the EU, if this is offered.
​
Security of data processing
The protection of data is very important to us.
To protect personal data, we have implemented both technical and organizational measures in accordance with Art. 25 GDPR.
For example, we consistently rely on encryption of communication between your browser and our web server using the secure transmission protocol HTTPS (Hypertext Transfer Protocol Secure). This means that the complete transmission of all data from your browser to our server is secured and no one can read the transmitted information.
You can recognize the secure data transfer by a small lock symbol in the upper left corner of the browser, to the left of the Internet address (e. g. culturehack.eu) and the use of the https scheme (instead of http) as part of our Internet address.
​
Concluding information on data processing
With this data privacy statement, we have brought you closer to the most important general information regarding data processing.
If you require more detailed information in this regard, you can contact the controller listed above, the providers directly or the responsible authorities.
​